SharkBot Analys

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (413)

Lang

en	342
de	24
ru	16
sv	12
pl	4

Land

us	286
ru	48
ir	16
cn	16
gb	8

Skådespelare

SharkBot	21
Gozi	15
Cobalt Strike	9
ISFB	9
RedLine Stealer	7

Intressera

Typ

Not Defined	116
Content Management System	18
Web Server	14
Firewall Software	14
Operating System	12

Säljare

Not Defined	90
Apple	12
Microsoft	10
Apache	10
Sophos	6

Produkt

nginx	8
Microsoft Windows	6
WordPress	6
SugarCRM	6
jQuery	6

Sårbarheter

#	Sårbarhet	Base	Temp	0day	I dag	Utn	Rem	EPSS	CTI	CVE
1	Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash informationsgivning	5.3	5.2	$5k-$25k	$0-$5k	High	Workaround	0.02016	0.02	CVE-2007-1192
2	DZCP deV!L`z Clanportal config.php privilegier eskalering	7.3	6.6	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.00943	0.31	CVE-2010-0966
3	SugarCRM sql injektion	5.8	5.3	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.00208	0.02	CVE-2020-17373
4	jforum User privilegier eskalering	5.3	5.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00289	0.06	CVE-2019-7550
5	nginx privilegier eskalering	6.9	6.9	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00241	0.15	CVE-2020-12440
6	SugarCRM Emails sql injektion	7.5	7.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00087	0.00	CVE-2019-17319
7	IBM CTSS Text Editor Password informationsgivning	3.3	3.2	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00000	0.03
8	JumpServer kataloggenomgång	7.7	7.7	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00053	0.02	CVE-2023-42819
9	2daybiz Auction Script Login login.php sql injektion	7.3	7.3	$0-$5k	$0-$5k	High	Unavailable	0.00380	0.00	CVE-2010-1706
10	Synacor Zimbra Collaboration Suite Calendar Invite ZmMailMsgView.js cross site scripting	3.5	3.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00155	0.03	CVE-2021-35208
11	SugarCRM Configurator privilegier eskalering	5.9	5.8	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00090	0.00	CVE-2019-17306
12	SugarCRM Administration sql injektion	7.5	7.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00087	0.00	CVE-2019-17298
13	Apple macOS wifivelocityd privilegier eskalering	8.2	8.0	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00148	0.02	CVE-2020-3838
14	nginx Range Filter minneskorruption	6.4	6.3	$0-$5k	$0-$5k	Not Defined	Workaround	0.96283	0.08	CVE-2017-7529
15	jQuery Property extend Pollution cross site scripting	6.6	6.3	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.03535	0.15	CVE-2019-11358
16	OpenSSH scp scp.c privilegier eskalering	6.4	6.4	$25k-$100k	$5k-$25k	Not Defined	Unavailable	0.00289	0.05	CVE-2020-15778
17	jQuery html cross site scripting	5.8	5.1	$0-$5k	$0-$5k	Not Defined	Official Fix	0.01900	0.03	CVE-2020-11023
18	Microsoft Windows HTML Remote Code Execution	5.8	5.7	$25k-$100k	$25k-$100k	Functional	Official Fix	0.53140	0.06	CVE-2023-36884
19	Fortinet FortiOS/FortiProxy FortiGate SSL-VPN minneskorruption	9.8	9.6	$25k-$100k	$25k-$100k	Not Defined	Official Fix	0.15407	0.02	CVE-2023-27997
20	Sunny WebBox förfalskning på begäran över webbplatsen	7.5	7.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00150	0.02	CVE-2019-13529

IOC - Indicator of Compromise (66)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IP-adress	Hostname	Skådespelare	Identified	Typ	Förtroende
1	37.10.71.172		SharkBot	27/01/2023	verified	Hög
2	45.11.180.20	help-extract.paststreak.net	SharkBot	25/03/2023	verified	Hög
3	45.11.180.28	sftp.novacoral.com	SharkBot	08/03/2024	verified	Hög
4	45.11.180.82		SharkBot	06/03/2023	verified	Hög
5	45.11.180.179		SharkBot	15/11/2022	verified	Hög
6	45.11.180.240		SharkBot	06/03/2023	verified	Hög
7	45.11.182.33		SharkBot	10/03/2023	verified	Hög
8	45.11.182.62		SharkBot	14/03/2023	verified	Hög
9	45.11.183.78		SharkBot	23/03/2024	verified	Hög
10	45.61.152.227		SharkBot	08/03/2024	verified	Hög
11	45.147.229.134		SharkBot	04/04/2024	verified	Hög
12	45.155.250.106		SharkBot	04/04/2024	verified	Hög
13	45.155.250.207		SharkBot	08/03/2024	verified	Hög
14	67.223.117.90		SharkBot	20/11/2023	verified	Hög
15	XX.XXX.XXX.XX		Xxxxxxxx	26/11/2022	verified	Hög
16	XX.XXX.XXX.XXX		Xxxxxxxx	07/01/2023	verified	Hög
17	XX.XXX.XXX.XXX		Xxxxxxxx	11/03/2023	verified	Hög
18	XX.XX.XX.XX		Xxxxxxxx	08/03/2024	verified	Hög
19	XX.XXX.XXX.XXX		Xxxxxxxx	02/09/2022	verified	Hög
20	XX.XXX.XXX.XXX		Xxxxxxxx	04/03/2022	verified	Hög
21	XX.XXX.XXX.XXX		Xxxxxxxx	08/03/2024	verified	Hög
22	XX.XXX.XX.XXX		Xxxxxxxx	06/03/2023	verified	Hög
23	XX.XXX.XXX.XXX		Xxxxxxxx	06/01/2023	verified	Hög
24	XX.XXX.XX.XXX		Xxxxxxxx	08/03/2024	verified	Hög
25	XXX.XXX.XXX.XX		Xxxxxxxx	26/06/2022	verified	Hög
26	XXX.XXX.XXX.XX		Xxxxxxxx	04/03/2022	verified	Hög
27	XXX.XXX.XXX.XXX		Xxxxxxxx	02/09/2022	verified	Hög
28	XXX.XXX.XXX.XXX		Xxxxxxxx	02/09/2022	verified	Hög
29	XXX.XX.XXX.XXX		Xxxxxxxx	08/03/2024	verified	Hög
30	XXX.XX.XXX.XXX		Xxxxxxxx	08/03/2024	verified	Hög
31	XXX.XX.XX.XX		Xxxxxxxx	08/03/2024	verified	Hög
32	XXX.XX.XXX.XXX	xxxxxx.xxxxxxxxxxxxxxxxxx.xxx	Xxxxxxxx	06/03/2023	verified	Hög
33	XXX.XX.XXX.XXX	xxxxxx.xxxxxxxxxxxxxxxxxx.xxx	Xxxxxxxx	06/03/2023	verified	Hög
34	XXX.XX.XXX.XXX	xxxxxx.xxxxxxxxxxxxxxxxxx.xxx	Xxxxxxxx	11/03/2023	verified	Hög
35	XXX.XX.XXX.XXX		Xxxxxxxx	26/06/2022	verified	Hög
36	XXX.XX.XXX.XXX	xxxxxxxx.xxx	Xxxxxxxx	23/04/2022	verified	Hög
37	XXX.XX.XXX.XXX	xxx.xxxxxxxxxxxxxxxxxxx.xxxx	Xxxxxxxx	04/03/2022	verified	Hög
38	XXX.XX.XXX.XX		Xxxxxxxx	22/06/2022	verified	Hög
39	XXX.XXX.XXX.XX		Xxxxxxxx	07/11/2022	verified	Hög
40	XXX.XXX.XXX.XX		Xxxxxxxx	22/06/2022	verified	Hög
41	XXX.XXX.XXX.XX	xxxxxxxxxxxxxxxxx.xxx	Xxxxxxxx	13/03/2022	verified	Hög
42	XXX.XXX.XXX.XX	xxxxxxxxxx.xxxx	Xxxxxxxx	02/09/2022	verified	Hög
43	XXX.XXX.XXX.XXX		Xxxxxxxx	04/03/2022	verified	Hög
44	XXX.XXX.XXX.XX		Xxxxxxxx	23/03/2024	verified	Hög
45	XXX.XXX.XXX.XX		Xxxxxxxx	28/07/2022	verified	Hög
46	XXX.XXX.XXX.XXX		Xxxxxxxx	05/07/2022	verified	Hög
47	XXX.XXX.XXX.XXX	xxxxxx.xxxxxx	Xxxxxxxx	25/05/2022	verified	Hög
48	XXX.XXX.XX.XX		Xxxxxxxx	08/03/2024	verified	Hög
49	XXX.XXX.XX.XXX		Xxxxxxxx	08/10/2022	verified	Hög
50	XXX.XXX.XX.XX		Xxxxxxxx	02/09/2022	verified	Hög
51	XXX.XXX.XX.XXX	xxxxx.xxxxxxxxxx.xxxx	Xxxxxxxx	10/10/2022	verified	Hög
52	XXX.XXX.XX.XXX		Xxxxxxxx	13/03/2022	verified	Hög
53	XXX.XXX.XX.XXX		Xxxxxxxx	25/11/2022	verified	Hög
54	XXX.XXX.XX.XXX		Xxxxxxxx	24/11/2022	verified	Hög
55	XXX.XXX.XX.XXX	xxxxx.xxxxxx.xxxxxx	Xxxxxxxx	27/11/2022	verified	Hög
56	XXX.XXX.XX.XXX		Xxxxxxxx	22/06/2022	verified	Hög
57	XXX.XXX.XXX.XX		Xxxxxxxx	06/03/2023	verified	Hög
58	XXX.XXX.XXX.XXX		Xxxxxxxx	06/03/2023	verified	Hög
59	XXX.XXX.XXX.XXX		Xxxxxxxx	26/10/2022	verified	Hög
60	XXX.XXX.XXX.XX	xxxxx.xxxxxxx-xxx.xxx	Xxxxxxxx	05/06/2022	verified	Hög
61	XXX.XXX.XXX.XX	xxxxxxxxxxxx.xxxxxxxxx.xxx	Xxxxxxxx	10/10/2022	verified	Hög
62	XXX.XXX.XXX.XXX		Xxxxxxxx	22/06/2022	verified	Hög
63	XXX.XXX.XXX.XXX		Xxxxxxxx	02/09/2022	verified	Hög
64	XXX.XX.XXX.XX	xxxxx.xxxxxxxx-xx.xxx	Xxxxxxxx	22/06/2022	verified	Hög
65	XXX.XX.XXX.XXX		Xxxxxxxx	18/11/2022	verified	Hög
66	XXX.XX.XXX.XXX		Xxxxxxxx	11/03/2023	verified	Hög

TTP - Tactics, Techniques, Procedures (20)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Sårbarheter	Åtkomstvektor	Typ	Förtroende
1	T1006	CWE-22, CWE-37, CWE-425	Path Traversal	predictive	Hög
2	T1040	CWE-319	Authentication Bypass by Capture-replay	predictive	Hög
3	T1055	CWE-74	Improper Neutralization of Data within XPath Expressions	predictive	Hög
4	T1059	CWE-94	Argument Injection	predictive	Hög
5	TXXXX.XXX	CWE-XX, CWE-XX	Xxxxx Xxxx Xxxxxxxxx	predictive	Hög
6	TXXXX	CWE-XXX, CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	Hög
7	TXXXX.XXX	CWE-XXX, CWE-XXX	Xxxx-xxxxx Xxxxxxxxxxx	predictive	Hög
8	TXXXX	CWE-XX, CWE-XX	Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx	predictive	Hög
9	TXXXX.XXX	CWE-XXX	Xxxx Xxxxxxxx	predictive	Hög
10	TXXXX	CWE-XXX, CWE-XXX	7xx Xxxxxxxx Xxxxxxxx	predictive	Hög
11	TXXXX	CWE-XXX, CWE-XXX	Xxxxxxxxxx Xxxxxx	predictive	Hög
12	TXXXX	CWE-XX	Xxx Xxxxxxxxx	predictive	Hög
13	TXXXX	CWE-XXX, CWE-XXX	Xxxxxxxxxxx Xxxxxxxxxx	predictive	Hög
14	TXXXX.XXX	CWE-XXX	Xxxxxxxx Xxxxxx Xxxx	predictive	Hög
15	TXXXX.XXX	CWE-XXX	Xxxxxxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	Hög
16	TXXXX	CWE-XXX, CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	Hög
17	TXXXX.XXX	CWE-XX	Xxxxxxxxxxxxx	predictive	Hög
18	TXXXX	CWE-XXX	Xxxxxxxxxxxxx Xxxxxx	predictive	Hög
19	TXXXX.XXX	CWE-XXX	Xxx Xxxxxxxxxx Xxxxx	predictive	Hög
20	TXXXX.XXX	CWE-XXX	Xxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx Xxxxxxxxx	predictive	Hög

IOA - Indicator of Attack (127)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Klass	Indicator	Typ	Förtroende
1	File	%PROGRAMFILES(X86)%\Teradici\PCoIP.exe	predictive	Hög
2	File	/.vnc/sesman_${username}_passwd	predictive	Hög
3	File	/api/RecordingList/DownloadRecord?file=	predictive	Hög
4	File	/api/v2/cli/commands	predictive	Hög
5	File	/cgi-bin/supervisor/PwdGrp.cgi	predictive	Hög
6	File	/cgi/loginDefaultUser	predictive	Hög
7	File	/Duty/AjaxHandle/UpLoadFloodPlanFile.ashx	predictive	Hög
8	File	/mics/j_spring_security_check	predictive	Hög
9	File	/oauth/token	predictive	Medium
10	File	/opt/bin/cli	predictive	Medium
11	File	/rom-0	predictive	Låg
12	File	/uncpath/	predictive	Medium
13	File	/usr/local/WowzaStreamingEngine/bin/	predictive	Hög
14	File	/video-sharing-script/watch-video.php	predictive	Hög
15	File	/wp-admin	predictive	Medium
16	File	/_xxxxx	predictive	Låg
17	File	/_xxxx	predictive	Låg
18	File	xxxxxxxxxxx.xxxx	predictive	Hög
19	File	xxx.x	predictive	Låg
20	File	xxxxxxx.xxx	predictive	Medium
21	File	xxx_xxxxxxx.xxx	predictive	Hög
22	File	xxxxx/xxxx_xxxxx_xxxx.xxx	predictive	Hög
23	File	xxxxx/xxxx/xxxxxxxxxxx/xxxxxxx.x	predictive	Hög
24	File	xx_xxxxxx_xxxxxxx.xxx	predictive	Hög
25	File	xxxxxxxxxxx/xxxxxxxxxx/xxxxxxxxxxxxxxxxxxx.xxx	predictive	Hög
26	File	xxxx/xxxxxxxxxxxx.xxx	predictive	Hög
27	File	xx_xxxxx_xxxxx.xxx	predictive	Hög
28	File	xxxxx.xxx	predictive	Medium
29	File	xxxxxxx=xxxxxxxxxx&xxxx=xxxx&xxxxxxxxxxxxx=/	predictive	Hög
30	File	xxxxxxx_xxx.xxx	predictive	Hög
31	File	xxxxxxxxxx/xxxxxx/xxxxxxxxx/xxxxxxxxxx/xxxxxxxxxx.xxx	predictive	Hög
32	File	xxxx/xxxxxxxxxxxxxxx.xxx	predictive	Hög
33	File	xxxx\xxxxxx.xxx	predictive	Hög
34	File	xxxxxxxx.xxx	predictive	Medium
35	File	xxxxx.xxx	predictive	Medium
36	File	xxx/xxxxx/xxxxx.x	predictive	Hög
37	File	xxxxxxxxx/xx/xxxxxxxxxxxx.xxx	predictive	Hög
38	File	xxxx.xxx	predictive	Medium
39	File	xxxxxxxxxx/xxx/xxxx/xxxx/xxx/xxx/xxxxxx/xxxxxx/xxxxxxx/xxxxxxxxx/xxxxxxxxxxxxxxx/xxxxxxxxxxxxxxxxxxxxxxxx.xxxx	predictive	Hög
40	File	xxx/xxxxxx.xxx	predictive	Hög
41	File	xxx/xxxxxxxxxxx/xxxxxxx.xxx	predictive	Hög
42	File	xxxxxxxx/xxxxx-xx-xxxxxxxxx.xxx	predictive	Hög
43	File	xxxxxxxx/xxxxx_xxxxxx.xxx	predictive	Hög
44	File	xxxxxxxx/xxxxxx-xxxx-xxxxxxxxx-xxx	predictive	Hög
45	File	x_xxxxxxxx_xxxxx	predictive	Hög
46	File	xxxxx/xxx_xxxxxxxx	predictive	Hög
47	File	xxxxx/xxxxxxxxx	predictive	Hög
48	File	xxxxxxxxxxx/xxxxx.x	predictive	Hög
49	File	xxxxxxxxxxxxxxxxxx.xxx	predictive	Hög
50	File	xxxxx.xxx	predictive	Medium
51	File	xxxx.x	predictive	Låg
52	File	xxxx.xxx	predictive	Medium
53	File	xxxxxxxxxx.xxx?xxxxxx=xxxxxxx	predictive	Hög
54	File	xxxxxxxxxxxxxxxxxx.xxxx	predictive	Hög
55	File	xxxxxxxxxxxx.xxxx	predictive	Hög
56	File	xxxxxxx/xxxxxxxxxxxxxxxxxx/xxxx_xxxxxx.xxx	predictive	Hög
57	File	xxx/xxxx/xxxxxxxxx/xx_xxx_xxxx_xxxxx_xxxx.x	predictive	Hög
58	File	xxxxx_xxxxxxxx.xxx	predictive	Hög
59	File	xxx/xxxxxx/xxxxxxxx/xxxxxxxxx/xxxxxxxxxxxxx.xxxx	predictive	Hög
60	File	xxx/xxxxxx/xxxxxxxx/xxxxx/xxxxxxxxx.xxxx	predictive	Hög
61	File	xxxxxxx_xxxxxxx.xxx	predictive	Hög
62	File	xxxxxxxxxxxxx.x	predictive	Hög
63	File	xxxxx-xxxxxxxx-xxxxxxxxx.xxx	predictive	Hög
64	File	xxxxxxxx.xxx	predictive	Medium
65	File	xxxxx.xxx	predictive	Medium
66	File	xxxxxxxxxx.xxx	predictive	Hög
67	File	xxxxxxxx.xxx	predictive	Medium
68	File	xxxxxxxx.xxx	predictive	Medium
69	File	xxxxxxxx/xxxxx/xxxxxxxx?xxxxxxxx	predictive	Hög
70	File	xxxxxxx.xxx	predictive	Medium
71	File	xxx_xxxxx_xxxxxxx.x	predictive	Hög
72	File	xxxxxx_xxxx.x	predictive	Hög
73	File	xxx.x	predictive	Låg
74	File	xxxx-xxxxxx.x	predictive	Hög
75	File	xxxx.xxx	predictive	Medium
76	File	xxxxxx/	predictive	Låg
77	File	xxxx/xxxxxxxx/xxxxxxxx.xxxx	predictive	Hög
78	File	xxxx.xxx	predictive	Medium
79	File	xxxxxx.xxx	predictive	Medium
80	File	xx-xxxxx/xxxx-xxx-xxxx.xxx	predictive	Hög
81	File	xx-xxxxx/xxxxx.xxx	predictive	Hög
82	File	xx-xxxxxxxx/xxxxxxxxx.xxx	predictive	Hög
83	File	xxxxxxx.xxxx	predictive	Medium
84	File	xxxxxxxxxxxxx.xx	predictive	Hög
85	Argument	$xxxxx_xxxxxxxxxx	predictive	Hög
86	Argument	--xxxx=xxx	predictive	Medium
87	Argument	/.xxx/xxxxxx_${xxxxxxxx}_xxxxxx	predictive	Hög
88	Argument	xxxxxxxx	predictive	Medium
89	Argument	xxxxxxxx	predictive	Medium
90	Argument	xxxxxxxxxx	predictive	Medium
91	Argument	xxx	predictive	Låg
92	Argument	xxxx/xxxxx/xxxxx_xxxxxxxxxxx	predictive	Hög
93	Argument	xxxxxxx	predictive	Låg
94	Argument	xxxx_xxxx	predictive	Medium
95	Argument	xxxx	predictive	Låg
96	Argument	xxxxxxxxxxx	predictive	Medium
97	Argument	xxxx_xxxxxx_xxxxxxxxx	predictive	Hög
98	Argument	xxxxx	predictive	Låg
99	Argument	xxxx	predictive	Låg
100	Argument	xxxxxxxx	predictive	Medium
101	Argument	xxxxxxxx	predictive	Medium
102	Argument	xxx_xxxxx_xxxx_xxxxxxx	predictive	Hög
103	Argument	xx	predictive	Låg
104	Argument	xxxxxxxxx-xxxxxxx/xxxxxxxxx/xxxxxxxxxx	predictive	Hög
105	Argument	x_xxxxxxxx	predictive	Medium
106	Argument	x_xxxxxxxx	predictive	Medium
107	Argument	xxx	predictive	Låg
108	Argument	xxxx_xx	predictive	Låg
109	Argument	xxxx_xxxx	predictive	Medium
110	Argument	xxxxxxxx	predictive	Medium
111	Argument	xxx_xx_xxxx	predictive	Medium
112	Argument	xxxxxxxx	predictive	Medium
113	Argument	xxxxx_xxxx_xxxx	predictive	Hög
114	Argument	xxxxxxx	predictive	Låg
115	Argument	xxxxxx	predictive	Låg
116	Argument	xxxx	predictive	Låg
117	Argument	xxxxx_xxxx/xxxxx_xxxxxx/xxx_xxxx/xxx_xxxxxx/xxxxxxxx	predictive	Hög
118	Argument	xxxxxx	predictive	Låg
119	Argument	xxxxx	predictive	Låg
120	Argument	xxx	predictive	Låg
121	Argument	xxxx/xx/xxxx	predictive	Medium
122	Argument	xxxxxxxx	predictive	Medium
123	Argument	xxxxxxxx	predictive	Medium
124	Argument	_xxx_xxxxxxx_xxxxxxxxxxx_xxx_xxxxxxxx_xxxxxxx_xxxxxxxxxxxxxxxxxx_xxxxxxxx	predictive	Hög
125	Network Port	xxxx	predictive	Låg
126	Network Port	xxx/xx	predictive	Låg
127	Network Port	xxx xxxxxx xxxx	predictive	Hög

Referenser (4)

The following list contains external sources which discuss the actor and the associated activities:

◂ TidigareÖversiktNästa ▸

Do you want to use VulDB in your project?

Use the official API to access entries easily!